The present invention relates generally to computer systems and firmware, and more particularly, to the use of a programmable lock bit for firmware ROM which disables read access until CPU reset or entry to a secure CPU mode, thus providing for secure system firmware.
The prior art relating to the present invention generally falls into two categories. The first category involves preventing write-access to the firmware ROM, either through lock bits or by generating some type of interrupt when access is attempted. For example, Intel ICHx chips contain configuration bits that enable the generation of a System Management Interrupt (SMI) when attempts to write to the firmware ROM are made.
With regard to the first category, there is no attempt to prevent reading the contents of the firmware ROM. Thus, the firmware ROM is safe from tampering, but not safe from prying eyes.
The second involves preventing read and write access to the firmware ROM by modification of a read/write configuration bit. Examples include the Intel ICHx chips which contain read/write configuration bits which determine whether attempts to read the firmware ROM will access the ROM or be ignored.
With regard to the second category, there is no attempt to “lock” the configuration bits, which allows the contents of the firmware ROM to be accessed simply by modifying the configuration bits.
There is also known prior art controlling access to various areas of RAM, including readability.
The prior art is generally concerned with the modification of the firmware ROM or with modification of the contents of shadow RAM. While some prior art (i.e., the ICHx configuration bits) does allow reading of the firmware ROM to be disabled, any malicious program could, using publicly available information, re-enable reading of the ROM.
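The distinction drawn above, between a plain read/write configuration bit that any software can flip back and a lock bit that holds until CPU reset or entry to a secure CPU mode, is shown here as an added C model. It is example code, not the patent's own implementation and not any chipset's real register interface: the register name `rom_ctrl`, the bit `ROM_READ_DISABLE`, the `sticky` flag and the ROM contents are all constructed assumptions used only to make the two behaviours concrete.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of firmware-ROM read control (example code, not the
 * patent's or any chipset's register interface). Register name, bit
 * position and the "sticky" property are assumptions. */

#define ROM_READ_DISABLE 0x01u   /* 1 = reads of the firmware ROM are ignored */

struct rom_ctrl {
    uint8_t reg;          /* configuration register holding the bit */
    bool    sticky;       /* false: prior-art config bit, clearable by any write
                             true:  lock bit, cleared only by reset or by entry
                                    to the secure CPU mode */
    bool    secure_mode;  /* CPU currently executing in the secure mode */
};

/* Software write to the register. In the sticky variant a set lock bit
 * cannot be cleared from the normal CPU mode; the write is dropped. */
void rom_ctrl_write(struct rom_ctrl *c, uint8_t value)
{
    bool locked = (c->reg & ROM_READ_DISABLE) != 0;
    bool tries_to_clear = (value & ROM_READ_DISABLE) == 0;
    if (c->sticky && locked && tries_to_clear && !c->secure_mode)
        return;
    c->reg = value & ROM_READ_DISABLE;
}

/* Read one byte of the firmware ROM through the chipset: 0 on success,
 * -1 if the access is ignored because reads are disabled. */
int rom_read(const struct rom_ctrl *c, const uint8_t *rom, size_t off, uint8_t *out)
{
    if (c->reg & ROM_READ_DISABLE)
        return -1;
    *out = rom[off];
    return 0;
}

/* CPU reset returns the register to its power-on state (reads enabled). */
void rom_ctrl_reset(struct rom_ctrl *c)
{
    c->reg = 0;
    c->secure_mode = false;
}

/* Hardware clears the lock bit on entry to the secure CPU mode so trusted
 * firmware running there can read the ROM again. */
void rom_ctrl_enter_secure(struct rom_ctrl *c)
{
    c->secure_mode = true;
    c->reg &= (uint8_t)~ROM_READ_DISABLE;
}

/* Constructed ROM image used by the scenarios below. */
static const uint8_t rom_image[4] = { 0xAA, 0x55, 0xF0, 0x0F };

static bool rom_readable(const struct rom_ctrl *c)
{
    uint8_t b;
    return rom_read(c, rom_image, 1, &b) == 0;
}

/* Scenario: firmware disables reads before handing off, and later code in
 * the normal CPU mode writes 0 to re-enable them. Returns true if the ROM
 * is readable afterwards (the weakness of the non-sticky configuration bit). */
bool readable_after_software_reenable(bool sticky)
{
    struct rom_ctrl c = { .reg = 0, .sticky = sticky, .secure_mode = false };
    rom_ctrl_write(&c, ROM_READ_DISABLE);
    rom_ctrl_write(&c, 0);
    return rom_readable(&c);
}

/* Scenarios: with the sticky lock bit set, reset or secure-mode entry are the
 * only ways read access comes back. */
bool readable_after_reset(void)
{
    struct rom_ctrl c = { .reg = 0, .sticky = true, .secure_mode = false };
    rom_ctrl_write(&c, ROM_READ_DISABLE);
    rom_ctrl_reset(&c);
    return rom_readable(&c);
}

bool readable_after_secure_entry(void)
{
    struct rom_ctrl c = { .reg = 0, .sticky = true, .secure_mode = false };
    rom_ctrl_write(&c, ROM_READ_DISABLE);
    rom_ctrl_enter_secure(&c);
    return rom_readable(&c);
}

int main(void)
{
    printf("config bit, re-enabled by software:  %s\n",
           readable_after_software_reenable(false) ? "readable" : "blocked");
    printf("lock bit, re-enable attempted:       %s\n",
           readable_after_software_reenable(true) ? "readable" : "blocked");
    printf("lock bit after reset:                %s\n",
           readable_after_reset() ? "readable" : "blocked");
    printf("lock bit after secure-mode entry:    %s\n",
           readable_after_secure_entry() ? "readable" : "blocked");
    return 0;
}
```

The first scenario reproduces the second prior-art category: the disable bit is set, but a later write clears it and the ROM is readable again. With `sticky` set, the same write is dropped and only `rom_ctrl_reset` or `rom_ctrl_enter_secure` restores read access, which is the property the lock bit is meant to provide.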
It is therefore an objective of the present invention to provide computer systems, methods and software that provide for secure system firmware using a programmable lock bit.